eDirectory - Beyond File System Rights

Novell Cool Solutions: Feature

"If eDirectory doesn't provide a way to manage file system rights, what are the benefits of using it? I have a customer who has a main office with 25-30 employees using NetWare in that office. They have two smaller offices that service approximately 5-10 employees. The only link between offices is a sporadic connection provided by a Symantec VPN Appliance. Is anyone else familiar with similar configurations? What changes or modifications would you recommend?"

eDirectory doesn't manage file system rights on NetWare; file system rights are the purview of the operating system rather than the directory service. The OS leverages the directory in order to associate identities from the identity store with permissions in the directory. It's been that way since the Bindery on NetWare; that's how it works in Active Directory, and even with Unix and UID/GID style file permissions.

Benefits to using eDirectory on any platform for things other than platform management have to do with identity stores for LDAP/SOAP/etc-based applications that need to use identity information. For example, I've used eDirectory in the following ways:

As the backend to a Squid proxy server (using the ldap authentication module for Squid)

For granting rights to RAS solutions (NetWare Connect and 3Com gear are what I've used in the past)

To authenticate to webpages

To manage resources with tools like the ZEN suite

Another very popular application of eDirectory is as the central store for identity for employee/student workflow applications. At Novell, for example, our implementation ties an HR application into a central identity vault using Identity Manager. That in turn ties to a number of systems, including our private internal "innerweb" and the external iLogin system (which you'll have logged into if you download patches, hold a certification, or otherwise need access to a secured section of the Novell website). It also ties into external systems our employees need access to for benefits management (I can manage my benefits through my internal Novell authentication, check my vacation time - which is handled by an external company - and other things like that).

When I was hired by Novell, my information was put into the HR system. That population of information triggered events to push that information to a number of different systems, some of which I've described above. A phone number was allocated to me and an e-mail sent off to someone telling them where my office was (based on management, site, and other information, some of which may have been entered by hand through a workflow application). That prepared the way for a phone to be put on my desk and programmed by the system to have my extension on it.

My first day on the job at Novell was President's Day. On that day, I was on an airplane, but because of the automatic nature of the system, I had authentication credentials set up for me when I got in. I also had a laptop and cell phone allocated to me, and my travel preferences (which I had provided in advance) were in the travel system so my flight could be booked as well as a hotel room in my destination city.

And I've only just scratched the surface with what you can do with an identity management solution (which eDirectory is a key component of). They take planning and time to implement, but you can save your business a lot of money with a solid implementation.